I've been asked several times now how one can get a verified copy of F-Droid. So
here's a simple step by step explanation.
Please note that F-Droid recommends to install privileged extension. It enables
a seamless app installation and update experience. So installing the APK only
makes sense when you can't install F-Droid privileged extension.
Start out by getting F-Droids signing key:
gpg --keyserver keyserver.ubuntu.com --recv-keys 802A9799016112346E1FEFF47A029E54DD5DCE7A
Next let's get the apk and signature file:
wget https://f-droid.org/FDroid.apk
wget https://f-droid.org/FDroid.apk.asc
now, lets verify it:
gpg --verify-files FDroid.apk.asc
Great, it's verified now you can use Bluetooth, ADB or whatever to copy/install the APK to your phone.
Of course this is just fetching everything from the internet. So it's essential
to really make sure you've fetched the correct key.
Today I've added a systemd service definition, but it didn't show up as a
service when running systemctl list-units. I took me a while to figure out
how to ask systemd if there's anything wrong with my .service file. The
easiest way to get infos about broken service files I could find is to run:
systemd-analyze verify my.service
If that doesn't work, make sure the file is in the correct path.
(/etc/systemd/system/*.service) Once all typos/bugs/etc. are fixed don't
forget to run systemctl daemon-reload to make sure systemd is aware of the
new unit.
I recently helped setting up a cheap used Lenovo D330-10IGM. I realy like
compact 10 inch notebook table convertibles like this. Too bad such machines
always come with Windows 10 preinstalled. So I of course the first thing I'm
going to do is installing my favourite operating system: Debian. This is quite
a process and in case I'll need to retrace my steps I'm writing them down here:
- Prepare USB Flash-Drive with a Debian Installer
- download debian installer iso, it's easiest to get an unofficial image
with non-free drivers included
(https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/).
I prefer gnome, but it should work fairly similar with most desktop
envirionments.
- connect a big enough usb drive (the debian image i used required ~4GB)
- flash it to a usb drive. eg on a debian system you can just run:
sudo dd if=~/Downloads/debian-live-10.2.0-amd64-gnome+nonfree.iso of=/dev/yourusbdrive bs=8K
- optional tip: once
dd finishes run sync to wait for the OS to write
buffered data to your flash drive
- Lets start by disabling Secure Boot and check that USB boot is enabled:
- make sure your D330 is shut down
- Press
[Volume Up] + [Power] until the backlight comes on. This will bring the machine into UEFI mode.
- click: BIOS Setup
- click: Security (on the left side)
- click: Secure Boot (you want this to be disabled)
- click: Boot (on the left side)
- check that USB Boot is set to enbaled
- click: Save and Exit (lower right)
- click: yes (to save changes)
- Install Debian (gnome):
- make sure your D330 is shut down
- plug your usb previously prepared drive in
- Press
[Volume Up] + [Power] until the backlight comes on. This will bring the machine into UEFI mode.
- click: Boot Menu
- click: Linpus lite (SanDisk) (I'm using a SanDisk Flash drive, this is probably labeled differently when you try.)
- select to boot the live version in the bootloader (nevermind that the
bootloader is flipped 90°, booting might also take a while)
- once gnome booted click the activities hot-corner (right top in gnome)
- click debian installer to start it (usually the first item dock on the left)
- configure everything to your liking.
- manual disk setup is currently required, I removed all existing windows
partitions and set the partitions it up like this:
- 1st partition - mount point: /boot, flags: legacy-boot, size: 200MB, fs: ext2
- 2nd partition - mount point: /boot/efi, flags: boot, site: 55MB, fs: fat32
- 3rd partition - mount point: /, flags: none, size: the rest of the avialable space, fs: ext4
- (note: I didn't configure a swap partition because I want the eMMC to last as long
as possible)
That's pretty much it. Everything important seems to be working. After waking
up from power saving mode both the trackpad and keyboard are not working
anymore. A simple workaround is to just disconnect the tablet and re-attach
it, so I didn't look any further into this as of now.
Occasionally I'm dealing with files that are opaque to me. file helps a lot
with getting a rough idea of what I'm looking at. Today I discovered extract
though. It's a command line tool like file but it doesn't only guess the file
type. It also tries to parse metadata from the file and displays it. For now I
tested it with audio and image files and it happily displayed ID3 and EXIF
infos. This is quite handy.
Some applications on Debian got spell-checking built in. eg. LibreOffice, vim,
etc. There are a couple of libraries for spell-checking packaged for Debian.
Sofar I'm aware of three. So this is what I install to make sure I've got German spell-checking available in most applications:
# install de dictionaries for most apps:
sudo apt install aspell-de myspell-de-de hunspell-de-de
# libre office needs some extra love thou:
sudo apt install --install-suggests libreoffice-l10n-de
I'm not sure why Debian developers think it's good to enable bluetooth
automatically on boot. I think this is a privacy issue and would prefer
bluetooth to be "opt-in". So here's how to make sure bluetooth is turned off by
default:
# install tool for disabling bluetooth
# it's a shame debian has no api for this!
sudo apt install rfkill
# setup systemd unit
cat << EOF | sudo bash -c 'cat > /etc/systemd/system/disable-bluetooth-on-startup.service'
[Unit]
Description=Make shure Bluetooth is disabled on system start.
After=bluetooth.service
[Service]
ExecStart=rfkill block bluetooth
[Install]
WantedBy=multi-user.target
EOF
# enable systemd unit
sudo systemctl enable disable-bluetooth-on-startup
On Debian 10 suspending ThinkPad S1 Yoga does not work for me. When I call
systemctl suspend the device suspends and instantly wakes up again. I could
fix it by flicking the XHC switch in /proc/acpi/wakeup. I used to use persist
this in /etc/rc.local in the past. But it's not there anymore on Debian 10.
So here's how I persisted this using a systemd unit:
cat << EOF | sudo bash -c 'cat > /etc/systemd/system/thinkpad-s1-suspend-fix.service'
[Unit]
Description=thinkpad_s1_suspend_fix
[Service]
Type=oneshot
ExecStart=bash -c 'grep 'XHC.*enabled' /proc/acpi/wakeup && echo XHC > /proc/acpi/wakeup'
StandardOutput=tty
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
Now lets tell systemd to apply this fix on boot and also apply it right now:
sudo systemctl enable thinkpad-s1-suspend-fix.service
sudo systemctl start thinkpad-s1-suspend-fix.service
Too bad most computer games are non-free. But there are suprisingly many libre
games. They're not necessarily on par with their prorietary counterparts, but
they're fun too. Here's a curated list of libre games:
https://osgameclones.com
When you're new to web hosting, finding decent TLS settings is not trivial.
Retrospectively a lot of time I've put into this feels wasted, because finding
optimal TLS settings basically is a never ending scientific effort. IMHO
web-servers should be pre-configured for getting you decent TLS scores, but
they're not.
The next best thing to getting a sane default configuration is using a
well-maintained configuration generator. Luckily Mozilla is publishing one:
https://ssl-config.mozilla.org
It's a super useful tool, because crafting good TLS configurations requires a
lot of expertise. While this saved me quite some time and headaches, it's
probably still a good idea to test those generated TLS configs against SSL
Test, Mozilla
Observatory, etc. Double-checking is
important when doing security relevant stuff.
It feels to me, that carousels got out of fashion, or at least they rarely
annoy me these days. Which is a good thing! Today thou I was confronted with a
particularly annoying one. It's probably old news, but I occasionally still
like to point people to:
http://shouldiuseacarousel.com
I'm just glad my personal carousel cringe frequency went down over the last
view years.